• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:
    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Forwarded to devs password forgot link not alway copies correct

Linulex

Linulex

Silver Pleskian
TITLE:
password forgot link not alway copies correct
PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE:
Plesk Onyx Version 17.8.11 Update #28, and possible all other plesk vesions
all os'es, all systems, etc... this is a plesk issue and is indepentent from os
PROBLEM DESCRIPTION:
When using the password forgot link, a mail is send to the customer, so far so good. When this the code has a % in it, it is not always copied correct and the average customer never heard of ascii code.

for example

/ch_pass_by_secret.php?secret=iifh88QNzj1Y1uAlssmQZsNdGhbdVu1s3naRHG3x44Q%3D

changed to

/ch_pass_by_secret.php?secret=iifh88QNzj1Y1uAlssmQZsNdGhbdVu1s3naRHG3x44Q=

because %3D is the ascii code for =

And for the average customer, "IT" doesn't work, and he gets frustrated.

regards
Jan​
STEPS TO REPRODUCE:
send a forgot email, keep sending it till a code sequence is that of a raw ascii sign

for example

/ch_pass_by_secret.php?secret=iifh88QNzj1Y1uAlssmQZsNdGhbdVu1s3naRHG3x44Q%3D​
ACTUAL RESULT:
when clicked it is changed into this and the user gets an error that the secret code is not correct

/ch_pass_by_secret.php?secret=iifh88QNzj1Y1uAlssmQZsNdGhbdVu1s3naRHG3x44Q=​
EXPECTED RESULT:
secret must be

iifh88QNzj1Y1uAlssmQZsNdGhbdVu1s3naRHG3x44Q%3D​
ANY ADDITIONAL INFORMATION:
Maybe some warning in the e-mail that it would be possible the the code have to be copied manual if it doesn't work.
YOUR EXPECTATIONS FROM PLESK SERVICE TEAM:
Help with sorting out
 
additional info:

copying the link in the field does not work: it keeps saying: wrong secret code.
 
Questions from developer:

1. Is user able to change a password? If yes, what is the problem?
2. There is no bug here. The secret in the example is URL encoded, so, when it is decoded, %3D has been changed with = – it is absolutely correct.
 
I guess the user uses some sort of webmail.
Can he open the mail as plain text, copy such URL and past it into the browser location bar?
 
At the moment the user can not do this anymore because i have reset his password for him via plesk.

But as i reported: that doesnt work.

Linulex said:
additional info:

copying the link in the field does not work: it keeps saying: wrong secret code.
Click to expand...

regards
Jan
 
You must log in or register to reply here.

Similar threads

serreri
Possible problem with password recovery with incorrect email
Replies
1
Views
430
Kaspar@Plesk
Kaspar@Plesk
K
Forwarded to devs User name of account owner always used in password reset email of other users
Replies
1
Views
965
IgorG
IgorG
Linulex
Issue password forgot link not alway copies correct
Replies
2
Views
836
Linulex
Linulex
M
Forwarded to devs 554 5.7.1 <test@dömäin.tld>: Relay access denied;
Replies
12
Views
5K
carefreesmasher
C
DennisAm
Forwarded to devs Outgoing DKIM not working with unauthenticated user
Replies
1
Views
1K
IgorG
IgorG
Back
Top